[DRIVERS-927] Use strings for master and data key ids Created: 09/Mar/20 Updated: 08/Apr/22 Resolved: 23/Mar/20 |
|
| Status: | Closed |
| Project: | Drivers |
| Component/s: | Client Side Encryption |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Oleg Pudeyev (Inactive) | Assignee: | Unassigned |
| Resolution: | Won't Fix | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Description |
|
Currently master and data key ids are bson binary uuids. These keys are generally needed to configure the driver, and being composed of binary data creates challenges for interoperability between drivers as well as developer experience. For example, it is common to use environment variables to store configuration data. It is easy to store a string in an environment variable; it is not clear how to store a binary blob in an environment variable and be able to operate on it from a shell script. An application may work around binary blobs by performing its own encoding and decoding, but doing so makes the configuration data potentially unportable across applications and environments. Consider for example the following data flow:
If the key is a string, the above operations is straightforward. If the key is a binary blob, each step must be carefully evaluated for proper escaping (and could be unfeasible altogether). The same issue applies to data key ids, since when they are used for explicit encryption they become part of driver configuration. I asked kevin.albertson about why the key ids were not strings and from what I understand there is no specific reason why they can't be strings in principle. |
| Comments |
| Comment by Oleg Pudeyev (Inactive) [ 08/Apr/22 ] |
|
This issue is currently affecting Mongoid-FLE integration as reported/discussed in https://github.com/mongodb/mongo-ruby-driver/pull/2429. |